Search
Total
13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14193 | 1 Finecms Project | 1 Finecms | 2017-09-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. | |||||
| CVE-2017-14192 | 1 Finecms Project | 1 Finecms | 2017-09-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field. | |||||
| CVE-2017-14195 | 1 Finecms Project | 1 Finecms | 2017-09-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer. | |||||
| CVE-2017-12879 | 1 Paessler | 1 Prtg Network Monitor | 2017-09-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2015-4721 | 1 Concrete5 | 1 Concrete5 | 2017-09-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1. | |||||
| CVE-2015-3161 | 1 Beaker-project | 1 Beaker | 2017-09-10 | 3.5 LOW | 4.8 MEDIUM |
| The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape </script> tags in string literals when producing JSON. | |||||
| CVE-2016-1941 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2017-09-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The file-download dialog in Mozilla Firefox before 44.0 on OS X enables a certain button too quickly, which allows remote attackers to conduct clickjacking attacks via a crafted web site that triggers a single-click action in a situation where a double-click action was intended. | |||||
| CVE-2016-1915 | 1 Blackberry | 1 Blackberry Enterprise Service | 2017-09-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp. | |||||
| CVE-2015-0101 | 1 Ibm | 1 Business Process Manager | 2017-09-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; and IBM Business Process Manager Advanced 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5. | |||||
| CVE-2017-9979 | 1 Osnexus | 1 Quantastor | 2017-09-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS. | |||||
| CVE-2017-14126 | 1 Xnau | 1 Participants Database | 2017-09-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Participants Database plugin before 1.7.5.10 for WordPress has XSS. | |||||
| CVE-2014-4925 | 2 Good, Google | 2 Good For Enterprise, Android | 2017-09-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40. | |||||
| CVE-2017-11355 | 1 Pega | 1 Pega Platform | 2017-09-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page. | |||||
| CVE-2016-2973 | 1 Ibm | 1 Sametime | 2017-09-07 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113899. | |||||
| CVE-2016-2979 | 1 Ibm | 1 Sametime | 2017-09-07 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113945. | |||||
| CVE-2014-8753 | 1 Cit-e-net | 1 Cit-e-access | 2017-09-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net Cit-e-Access 6. | |||||
| CVE-2016-10508 | 1 Phpthumb Project | 1 Phpthumb | 2017-09-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php. | |||||
| CVE-2015-3976 | 1 Ge | 14 Multilink Ml1200, Multilink Ml1200 Firmware, Multilink Ml1600 and 11 more | 2017-09-06 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier. | |||||
| CVE-2017-3155 | 1 Apache | 1 Atlas | 2017-09-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting. | |||||
| CVE-2017-12984 | 1 Phpmywind | 1 Phpmywind | 2017-09-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. | |||||
| CVE-2017-13671 | 1 Misp | 1 Misp | 2017-09-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation. | |||||
| CVE-2016-0713 | 1 Cloudfoundry | 1 Cf-release | 2017-09-05 | 2.6 LOW | 4.7 MEDIUM |
| Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests. | |||||
| CVE-2017-7855 | 1 Icewarp | 1 Server | 2017-09-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter. | |||||
| CVE-2017-14070 | 1 Nexusphp | 1 Nexusphp | 2017-09-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF. | |||||
| CVE-2017-1445 | 1 Ibm | 1 Emptoris Spend Analysis | 2017-09-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128170. | |||||
| CVE-2017-1447 | 1 Ibm | 1 Emptoris Sourcing | 2017-09-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128172. | |||||
| CVE-2017-1444 | 1 Ibm | 1 Emptoris Sourcing | 2017-09-04 | 3.5 LOW | 5.4 MEDIUM |
| IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110. | |||||
| CVE-2016-7851 | 1 Adobe | 1 Connect | 2017-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks. | |||||
| CVE-2016-1609 | 1 Novell | 1 Filr | 2017-09-03 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile. | |||||
| CVE-2016-8581 | 1 Alienvault | 2 Open Source Security Information And Event Management, Unified Security Management | 2017-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator. | |||||
| CVE-2016-2967 | 1 Ibm | 1 Sametime | 2017-09-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113848. | |||||
| CVE-2016-0243 | 1 Ibm | 1 Websphere Portal | 2017-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0244. | |||||
| CVE-2016-2975 | 1 Ibm | 1 Sametime | 2017-09-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113935. | |||||
| CVE-2016-8019 | 1 Mcafee | 1 Virusscan Enterprise | 2017-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input. | |||||
| CVE-2017-3153 | 1 Apache | 1 Atlas | 2017-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality. | |||||
| CVE-2017-3152 | 1 Apache | 1 Atlas | 2017-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality. | |||||
| CVE-2016-3652 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-03 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-1443 | 1 Ibm | 1 Emptoris Services Procurement | 2017-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128109. | |||||
| CVE-2017-12856 | 1 C.p.sub Project | 1 C.p.sub | 2017-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php. | |||||
| CVE-2015-6942 | 1 Coremail | 1 Coremail Xt | 2017-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Coremail XT3.0 allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment. | |||||
| CVE-2015-6588 | 1 Modx | 1 Modx Revolution | 2017-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. | |||||
| CVE-2016-9732 | 1 Ibm | 1 Curam Social Program Management | 2017-09-02 | 3.5 LOW | 5.4 MEDIUM |
| IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761. | |||||
| CVE-2017-13762 | 1 Onosproject | 1 Onos | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. | |||||
| CVE-2017-3150 | 1 Apache | 1 Atlas | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script. | |||||
| CVE-2017-14036 | 1 Crushftp | 1 Crushftp | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS. | |||||
| CVE-2013-7433 | 1 Mapsplugin | 1 Googlemaps | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla!. | |||||
| CVE-2017-10838 | 1 Seopanel | 1 Seo Panel | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-1485 | 1 Ibm | 1 Cognos Analytics | 2017-09-01 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623. | |||||
| CVE-2015-2046 | 1 Mantisbt | 1 Mantisbt | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20. | |||||
| CVE-2014-9469 | 1 Vbulletin | 1 Vbulletin | 2017-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3. | |||||